Thank you for your input.
Can you advise the version of WordPress in your tests and also any other plugins you have activated at the time?
I have just retested and it is working as expected on all use cases.
The most likely scenario is that you are logged in to the WordPress dashboard ( as logged in used are not restricted ) or your have a conflicting security plugin active.
e.g.
forbidden – number in author name not allowed = 1
and
{“code”:”rest_cannot_access”,”message”:”Only authenticated users can access the User endpoint REST API.”,”data”:
{“status”:401}}
I wasn’t logged in at the time, I have 4.7.4 installed, the only possible conflicts, I can see is stop spammers, and WP Fail2ban. I will check again
My plugin is specifically built with Fail2Ban in mind, to enable firewall lockout of non admin users looking to enumerate ( a hacker foot print ). And I have sites with Stop Spammers.
Another question I forgot to ask was what version of PHP are you on?
Can you check your error logs for any strange messages please.
I can’t vouch for all 20,000 sites but it is definitely working on the sites I can vouch for ( that doesn’t mean there isn’t an issue with a certain combination of technology )
I need to reverse this, you are correct. I was still somehow logged into the dashboard. It’s always user error even at the admin level heh.
It is working as you said
Thank you for getting back, not every one would be so kind as to admit human error.
Heh, Well I’m a fellow IT guy, though I’m a logical/analytical type of guy. So I know, communication is a necessity. Then, whatever works, I have to administer 100 websites.
Sometimes you get used to things working regardless, I do like the Fail2ban option
